Skip to main content

A visualization python package that can extract information from any server log (i.e. HTTP server/Django/Auth/etc), reverse-search the data, and visualize the origination of the authentication attempts.

Project description

Authr

A visualization python package that can extract information from any server log (i.e. HTTP server/Django/Auth/etc), reverse-search the data, and visualize the origination of the authentication attempts.

The following information are extracted from the logs:

  1. IP Address
  2. Port Number
  3. Username
  4. Server Message

Once the information is extracted, each IP from the authentication attempt is checked with Shodan to get it's location data. An HTML page is created with a map and pins (associated to each IP).

Here is a sample of the data on a heat map:


Heat Map

Here an example of a map with markers for each data point:


Marker Map

** This may also be able to work with servers that are using fail2ban.

Available Functions

The following functionality are currently available from Authr:

  1. Create a CSV from server logs
  2. Create an html heat map from the server logs
  3. Create an html scatter map from the server log data
  4. Create an html map with markers from the server log data
  5. Create an html map with a polygon plot (connecting lines to each point) from the server log data

Getting Started

These instructions will get you up and running with authr on your local machine. You will be able to scrape your own server logs.

Prerequisites

Shodan

This tool heavily relies on Shodan (search engine for Internet-connected devices) to find the location of an IP address.

Go here to sign up for an account and get an developer API key.

Installations

The following steps go through installing Python dependencies and setting up the environment for the tool.

  1. Install Authr
    $ pip install Authr
    

Usage

Sample Code - Heat Map & CSV

Below is a code sample on how to generate a heat map and csv from your server log:

  1. Place the following in a python file
        import authr, argparse, os
    
        def main():
            parser = argparse.ArgumentParser(description='Scrape Logs and Inserted into the DB')
            parser.add_argument('-a', '--auth', help='Server Log', required=True)
            parser.add_argument('-k', '--key', help='Shodan Key', required=True)
    
            args = vars(parser.parse_args())
            log_file_path = args['auth']
            shodan_api_key = args['key']
    
            full_path = os.path.dirname(os.path.abspath(__file__))
            full_log_file_path = full_path + log_file_path
            authr.set_shodan_api_environment(shodan_api_key)
    
            marker_list = authr(full_log_file_path).parse_auth_log(full_log_file_path)
            authr.create_authr_map_with_heatmap_plots(marker_list, "example_map.html")
            authr.create_authr_csv(marker_list, "example-csv.csv")
    
        if __name__ == "__main__":``
           main()
    
  2. Run the following command
    $ python test.py -a {__path_to_server_log_file__} -k {__Shodan_API_Key__}
    

Built With

  • Python 3.6
  • Shodan - Search engine API for Internet-connected devices.
  • GMPLOT - Used to generate maps with pins for the location of authentications.

Authors

License

Licensed under the MIT License

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
authr-1.3.3-py3-none-any.whl (8.1 kB) Copy SHA256 hash SHA256 Wheel py3 Aug 10, 2018
authr-1.3.3.tar.gz (6.7 kB) Copy SHA256 hash SHA256 Source None Aug 10, 2018

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page